Privacy Policy

Effective Date: October 2025

Oncoo (referenced herein as "we," "us," or "Oncoo" or with "our") has developed this privacy policy to help you understand how we collect, use, and protect your personal information. This Privacy Policy applies to our website (oncoo.app) and our mobile application (collectively, the "Platform").

Our Commitment: At Oncoo, privacy is not an afterthought—it's foundational. We exist to serve people affected by cancer, not to monetize data. We will never sell your personal information to third parties.

Table of Contents

1. Information We Collect

Information You Provide to Us

When you use our Platform, you may choose to provide:

  • Registration Information: Name, email address, age, type of cancer connection (patient, survivor, caregiver, family member, friend)
  • Profile Information: Optional details you add to personalize your experience
  • Community Content: Posts, comments, messages, and other content you share within our community
  • Support Requests: Information you provide when contacting our support team

Information Collected Automatically

  • Technical Information: Device type, browser type, operating system, IP address
  • Usage Information: Pages visited, features used, time spent on Platform, interaction patterns
  • Cookies & Similar Technologies: We use cookies to enhance your experience and keep you logged in (see Cookies section below)

Information From Minors

Our Platform is designed to be safe for users aged 13 and older. For users under 18, we collect only the minimum information necessary to provide our services. We comply with applicable child protection laws including COPPA (Children's Online Privacy Protection Act) and relevant EU regulations.

2. How We Use Your Information

To Provide Our Services

  • Create and maintain your account
  • Enable you to connect with others in the community
  • Personalize your experience based on your cancer connection type
  • Send you important updates about your account or the Platform

To Improve Our Platform

  • Analyze usage patterns to enhance features and user experience
  • Monitor and improve Platform performance and security
  • Conduct research (using aggregated, anonymized data only)

To Keep Our Community Safe

  • Moderate content to maintain a supportive, respectful environment
  • Prevent abuse, harassment, or violations of our Community Guidelines
  • Comply with legal obligations and protect user safety

For Communications

  • Send you Platform notifications (you can control these in settings)
  • Share community updates, resources, or educational content
  • Respond to your questions or support requests

What We DON'T Do:

  • ❌ Sell your data to advertisers or third parties
  • ❌ Share your health information without your explicit consent
  • ❌ Use your data for targeted advertising
  • ❌ Track you across other websites or apps

3. Information Sharing & Disclosure

Public vs. Private Information

  • Public: Your profile name and any content you post in public community spaces
  • Private: Your email, contact information, and private messages remain confidential

Important: Anything you share in public community forums becomes visible to other Oncoo members. Please be mindful about sharing sensitive personal or health information publicly.

When We May Share Information

With Your Consent

We will only share your personal information with third parties when you explicitly give us permission.

Service Providers

We may share information with trusted service providers who help us operate the Platform (e.g., cloud hosting, email services, content moderation). These providers are contractually required to protect your data and use it only for specified purposes.

Aggregated Data

We may share aggregated, anonymized statistics (e.g., "60% of our community are cancer survivors") with researchers, partners, or the public. This data cannot identify you individually.

Legal Requirements

We may disclose information when required by law, court order, or to protect the safety of our users or the public.

Business Transitions

If Oncoo merges with or is acquired by another organization, your information may be transferred. We will notify you via email and prominent notice on the Platform and give you the option to delete your account before any transfer.

What We Never Share

  • Your private messages
  • Your health information (unless you publicly post it)
  • Your contact information with advertisers or marketers
  • Your data for profit

4. Your Rights & Choices

Access & Control

  • Access: Request a copy of your personal data
  • Update: Edit your profile and account information anytime
  • Delete: Request deletion of your account and associated data
  • Export: Download your content and data in a portable format

Communication Preferences

  • Opt out of non-essential emails (you'll still receive critical account updates)
  • Control in-app notifications in your settings
  • Unsubscribe links are included in all marketing emails

Privacy Settings

You control what information appears on your profile and who can see your content. Adjust these settings in your account preferences.

To exercise your rights, contact us at: privacy@oncoo.app

5. Child Safety Standards

Our Commitment to Youth Safety

Oncoo is committed to providing a safe space for young people (ages 13+) affected by cancer. We have zero tolerance for:

  • Child sexual abuse and exploitation (CSAE)
  • Any explicit content involving minors
  • Predatory behavior or grooming attempts

Content Moderation

  • All user-generated content is subject to moderation
  • Automated systems flag inappropriate content for review
  • Our community can report concerning content or behavior
  • Trained moderators review flagged content promptly

CSAM Reporting

Any Child Sexual Abuse Material (CSAM) will be:

  1. Immediately removed from the Platform
  2. Reported to the National Center for Missing & Exploited Children (NCMEC)
  3. Reported to appropriate law enforcement authorities

CSAM is defined as: Any visual depiction (photo, video, computer-generated image) involving a minor engaged in sexually explicit conduct.

To report CSAM or safety concerns: safety@oncoo.app or use the in-app reporting feature.

6. Data Security & Protection

How We Protect Your Data

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Secure Storage: We use industry-standard security measures and trusted cloud providers
  • Access Controls: Only authorized personnel can access personal data, and only when necessary
  • Regular Audits: We conduct security assessments to identify and address vulnerabilities

Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: After deletion, we permanently remove your personal data within 30 days (except where required by law)
  • Backups: Some data may remain in backups for up to 90 days before permanent deletion

Limitations

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security but commit to:

  • Prompt notification if a data breach affects your information
  • Transparent communication about security incidents
  • Continuous improvement of our security practices

7. Cookies & Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device that help us:

  • Keep you logged in
  • Remember your preferences
  • Understand how you use the Platform
  • Improve performance and functionality

Types of Cookies We Use

  • Essential Cookies: Required for the Platform to function (login, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand usage patterns (anonymized)

Your Cookie Choices

You can control cookies through your browser settings. Note that disabling essential cookies may limit Platform functionality.

We do NOT use:

  • Advertising cookies
  • Third-party tracking cookies
  • Cross-site tracking

8. Third-Party Services & Links

External Links

Our Platform may contain links to external websites, social media platforms, or resources. These third-party sites have their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of external sites.

Social Media Features

If we integrate social media features (e.g., "Share to Facebook"), these features may collect information about your visit and are governed by the third party's privacy policy, not ours.

Co-Branded Content

If we partner with organizations to provide educational content or events, we will clearly disclose when a third party may collect your information. Participation is always voluntary.

9. International Users & Data Transfers

Where We Store Data

Our Platform is operated in the European Union. If you access our Platform from outside the EU, your information may be transferred to and processed in the EU.

EU Users' Rights (GDPR)

If you're in the European Union, you have additional rights under GDPR:

  • Right to access your data
  • Right to rectification (correct inaccurate data)
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

EU Privacy Contact: gdpr@oncoo.app

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Update the "Effective Date" at the top
  • Notify you via email and/or prominent notice on the Platform
  • Give you the opportunity to review changes before they take effect

We encourage you to review this Privacy Policy periodically.

11. Compliance & Transparency

Legal Compliance

Oncoo complies with:

  • General Data Protection Regulation (GDPR)
  • Children's Online Privacy Protection Act (COPPA)
  • ePrivacy Directive
  • Applicable national data protection laws

Transparency Report

We believe in transparency. Annually, we will publish a report detailing:

  • Number and types of data requests from authorities
  • Content moderation statistics
  • Security incidents (if any)

12. Contact Us

We're here to answer your questions about privacy and data protection.

General Privacy Inquiries

privacy@oncoo.app

Data Rights Requests

privacy@oncoo.app

Child Safety & CSAM Reports

safety@oncoo.app

EU/GDPR Inquiries

gdpr@oncoo.app

Mailing Address

Oncoo
[Your Registered Address]
[City, Country]

Governing Law

This Privacy Policy is governed by the laws of the European Union and Italy. Any disputes will be resolved in accordance with these laws.

If any part of this Privacy Policy is found to be invalid or unenforceable, the remainder will continue in full force and effect.

Plain Language Summary

TL;DR - What You Need to Know:

We collect: Basic info to run your account + what you choose to share
We use it for: Making Oncoo work, keeping you safe, improving the platform
We DON'T: Sell your data, show you ads, or track you around the web
Your control: Access, edit, download, or delete your data anytime
Safety first: Zero tolerance for abuse, especially regarding minors
Questions? Email privacy@oncoo.app

Remember: Anything you post publicly in the community is visible to other members. Be thoughtful about sharing sensitive health information.

Oncoo is a nonprofit community platform. We exist to serve people affected by cancer—not to monetize your data. Privacy is a core value, not an afterthought.

Last Updated: October 2025 | Version: 1.0